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INTERACTIVE RISK MANAGEMENT SYSTEM AND METHOD 

1. FIELD OF THE INVENTION 

[0001] This invention relates to process management, and in particular to an 

interactive display which provides information for management processes and associated 
risks. 

2. BACKGROUND OF THE INVENTION 

[0002] Enterprise reputation risk presents management challenges. Even the 

finest organization's reputation may suffer serious and even irreparable damage from 
many disparate causes. Over the past years, risk controls were directed at capital losses 
arising from trading, market and credit risk. But today, the profound risk which must be 
identified, mitigated, controlled, and monitored is Enterprise Reputation Risk. 
Reputation risk, that is the loss of shareholder value resulting from a lack of customer 
and public confidence in the organization, must be effectively managed. 
[0003] Reputation risk is very difficult to manage since it may be extremely 

complex to identify and manage. It requires a coordinated analysis and control of three 
separate, interrelated risks: business risk, regulatory risk and operational risk. It also 
requires the identification of sub-risks which may occur throughout any part of an 
organization: within or between front, back and middle offices, and even between the 
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organization and outsource providers. It also requires the insertion of key controls and 
monitors, often in areas which have not been previously identified as key control points. 
[0004] Few organizations have risk reduction methodologies in place across all 

areas or for all risk areas. Thus, reputation risk remains. For example, organizations 
such as banks which will follow the Basel II formula, set forth by the Basel Committee 
on Banking Supervision through the Basel Capital Accord, are already well aware of the 
limits and complexity of the Basel II methodology. Its principal focus is reducing 
Operational Risk, and it specifically excludes an analysis of many overlapping areas of 
risk which give rise to enterprise reputation risk, so the reduction of reputation risk via 
Basel II is limited. 

[0005] Business Process Management (BPM) methods also reduce reputation 

risk, but only to a degree. A high quality BPM methodology yields measures and 
controls which give to management a set of metrics to manage in a cost effective and 
process efficient manner. However, BPM is, at heart, directed to cost control and 
efficiency rather than real risk reduction. In other words, an organization may spend 
millions on effective BPM and still have substantial exposure to reputation risk. 
[0006] Thus, effective reputation risk management depends upon identifying risk 

and control at each process point. However, because of downsizing, rightsizing, mergers, 
acquisitions, technology implementations, and outsourcing, organizations find an 
enormous disconnect between their process and controls. For example, the planned 
control environment instituted at some past time does not conform to the process which 
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has been implemented to meet business and service demands. This means that risk 
remains in the organization. 

[0007] Process management and risk reduction may be even more complex for 

organizations which have implemented Basel II or Business Process Management 
("BPM"). Basel II's operational risk definition is very limited and overlapping areas of 
risk may not be considered in the analysis. This leaves wide gaps and vulnerabilities. In 
addition, organizations which have implemented BPM may have effectively "mapped 
processes" and inserted control measures to maximize efficiency and cost reduction, but 
the underlying analysis of reputation risk factors is rarely accomplished. Thus, in both 
cases, management is left with a false sense of security. 

[0008] A need exists for the creation of an ongoing method of effective control 

and monitoring of process and risk management in an organization. 
[0009] It is therefore an object of the present invention to provide an interactive 

risk management system and method to allow a user to navigate from process to process 
to access and review associated data, to thereby obtain information about selected 
processes and associated risks. 

BRIEF SUMMARY OF THE INVENTION 
[0010] The invention comprises an interactive risk management system and 

method implemented via a computer and monitor that displays to the user through the 
browser a multi-dimensional visual mapping of the processes of an organization, and 
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allows the user to selectively view additional data, such as messages describing risks 
associated with the selected process. The user may navigate from one process to another 
process to access and review associated data, allowing the user to gain information about 
selected processes and associated risks. 



BRIEF DESCRIPTION OF THE DRAWINGS 
[0011] Preferred embodiments of the invention are described hereinbelow with 

reference to the drawings, wherein: 

[0012] FIG. 1 is a schematic illustration of the interactive management system in 

accordance with the present invention; 

[0013] FIG. 2 is a schematic illustration of a mapping; 

[0014] FIG. 3 is a flowchart of the method of operation of the interactive 

management system of FIG. 1 ; 

[0015] FIG. 4 is a display screen displaying a mapping; 

[0016] FIG. 5 is the display screen of FIG. 4 with a pop-up information window; 

[0017] FIG. 6 is a display screen displaying an alternative embodiment of a 

mapping; 

[0018] FIG. 7 is a display screen displaying a modification of the mapping of 

FIG. 6; and 

[0019] FIG. 8 is a display screen displaying another modification of the mapping 

of FIG. 6. 
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DETAILED DESCRIPTION OF THE INVENTION 
[0020] As shown in FIGS. 1-8, an interactive risk management system 10 and 

method are described which visually display to the user, for example, via a computer 
monitor utilizing a browser, a mapping of processes of an organization, that allows the 
user to selectively view additional data, such as messages describing risks associated 
with any selected process. The interactive risk management system 10 and method may 
be sold or otherwise provided to users as a software application associated with the 
trademark "COOL" commercially available from "IMAG" and/or other entities providing 
the interactive risk management system 10 and method. 

[0021] The user may navigate or move from process to process, for example, by 

use of the computer mouse or its equivalent, to access and review associated data, 
allowing the user to view, on screen or via a printout, information about selected 
processes and associated risks. 

[0022] In one representative embodiment, an accounts officer of a bank may 

move through a series of displayed processes representing steps in the procedures of the 
bank, such as a new-accounts procedure for creating a new banking account for an 
applicant, or a loan approval procedure for a potential borrower. For each process, the 
accounts officer may view instructions, guidelines, policies, and risks associated with the 
process currently being reviewed, such as the bank's approved procedures for preventing 
money laundering. 
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[0023] The displayed processes may include actuatable display regions or icons 

so that when the accounts officer clicks the region with a mouse cursor, a hyperlink to 
additional information is activated by which the computer system retrieves the 
correspondingly hyperlinked information and displays it to the accounts officer. The 
linked information may be, for example, a pre-existing text of the warning signs to be 
noted by the accounts officer which indicates a money-laundering risk associated with 
the application or applicant being reviewed. The linked information may be displayed to 
the accounts officer through the browser, for example, as a separate web-page on the 
intranet of the bank, or in a pop-up dialog box displayed over the existing browser text. 
[0024] In another representative embodiment, a medical technician in a hospital 

may move through a series of displayed processes representing steps in the procedures 
for performing diagnostic tests for patients, such as procedures implementing test 
requests from doctors and test approval from a health management organization (HMO) 
for performing X-ray or chemotherapy on a patient. At each process step, the medical 
technician may view instructions, guidelines, policies, and risks associated with the 
current process being reviewed, for example, the hospital's approved procedures for 
preventing unnecessary medical tests. The displayed processes may include actuatable 
display regions or icons so that when the medical technician clicks the region with a 
mouse cursor, a hyperlink to additional information is activated by the computer system 
to retrieve the correspondingly hyperlinked information, and to display this information 
to the medical technician. The linked information may be, for example, a pre-existing 
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text of the warning signs to be noted by the medical technician which suggest medical 
fraud by a patient and/or a doctor. The linked information may be displayed to the 
medical technician through the browser, for example, as a separate web-page on the 
intranet of the hospital or in a pop-up dialog box displayed over the existing browser text. 
[0025] As shown in FIG. 1, the interactive management system 10 and method 

includes a computer 12 having an input device 14, a display 16 for displaying a graphic 
user interface (GUI) including a browser 18, a processor 20, and a memory 22 for storing 
a mapping such as map data 24 comprising a plurality of processes and for storing at 
least one risk message or information 26 associated with at least one of the plurality of 
processes. The display 16 presents the browser 18 and GUI to the user and 
communicates with external devices 28 such as the Internet 30 or an intranet 32 
associated with the organization implementing the interactive management system 10 
and method. 

[0026] The input device 14 may include a keyboard 34 and a mouse 36 for using 

the browser 18. Alternatively, the input device 14 and the display 16 may include a 
touch screen system (not shown) to be employed for inputs and outputs. The processor 
20 operates the browser 18 and receives signals such as mouse input signals indicating 
actuation of icons or other actuatable display regions of the browser 18 by the user using 
the mouse 36. The processor 20 also uses mapping software 38 such as graphics 
software or any other software, for example, graphics software available from 
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"MICROSOFT CORPORATION" commercially available under the trademark 
"MICROSOFT VISIO". 

[0027] The processor 20 accesses the memory 22 to retrieve the map data 24 for 

displaying a mapping 40 on the browser 18, generally shown in FIG. 2 and as shown with 
the example mapping 100 in FIGS. 4-5. The memory 22 also stores risk information 
associated with specific processes which the processor 20 may access and display to the 
user navigating the displayed mapping 100. The memory 22 also includes link data 42, 
for example, corresponding to hyperlinks allowing the user to select and actuate an 
actuatable display region on the browser, such as icons or hot spots, to access additional 
information, such as the risk information 26 associated with a process corresponding to 
the selected actuatable display region. 

[0028] Referring to FIG. 2, the mapping 40 includes the plurality of processes, 

such as procedures 44-48 to be followed in a predetermined sequence. Each procedure 
44-48 includes an associated text 50-54, respectively, which may also include other 
information, such as graphics, audio and/or video describing or otherwise illustrating the 
respective procedure 44-48. The text of each procedure may also be a label displayed in 
the mapping through the browser 18, as shown in the blocks 102-152 representing 
processes in FIGS. 4-5. Other processes may include a control 56 with associated text 58 
describing or labeling the control, with the control 56 being associated with a specific 
process associated with at least one other process, such as the procedures 44-46. For 



8 



example, the control 56 may be a graphic and/or audible warning signal or red flag to the 
user when an associated process, such as procedure 44, is being accessed by the user. 
[0029] The mapping 40 also includes actuatable regions 60 such as icons which 

are displayed with the corresponding text 54 for the procedures 48 associated with the 
actuatable region 60 in the displayed mapping 40 viewable through the browser 18. The 
actuatable region 60 is associated with predetermined link data 62, and stored in a set of 
link data 42 in memory 22, so that actuation of the actuatable region 60 causes the 
processor 20 to utilize the predetermined link data 62 as an address or hyperlink to 
retrieve the specific risk information text 64 associated with the predetermined link data 
62, which is in turn associated with the actuatable region 60 corresponding to a specific 
procedure 48 being accessed by the user for additional information. 
[0030] As used herein, the term "hyperlink" means any type of link, such as an 

Internet link, to another webpage, document, or other information in any format, and also 
to link to another part of the program or to other programs and/or databases accessed via 
the user's intranet. Specific examples and methods are described below. 
[0031] As shown in FIG. 3, in operation, the interactive management system 10 

starts in step 66 the interactive management method, and displays in step 68 a graphic 
user interface including the browser 18 on the display monitor or other screen 16 of the 
computer 12 connected to the memory 22 and the input device 14. The memory 22 
stores in step 70 the mapping 40 of a plurality of processes, and stores in step 72 at least 
one risk message or information 26 associated with at least one of the plurality of 
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processes. The processor 20 receives in step 74 user selections through the input device 
14, and displays in step 76 to the user through the browser 18 the mapping 40 of the 
plurality of processes, with each of a set of the displayed processes having an associated 
actuatable display region 60. 

[0032] The processor 20 receives in step 78 signals corresponding to user 

actuation of an actuatable display region 60 of a selected process, and the processor 20 
causes the display 16 to display in step 80 to the user through the browser 18, in response 
to the user actuation, the at least one risk message or information 64 associated with the 
selected process, such as procedure 48, thereby allowing the user to gain information 
about the selected process and its associated risks. 

[0033] In an example embodiment, the computer 12 may be a laptop, a personal 

computer, or terminal connected to a network or other external devices 28, such as the 
Internet 30 or a dedicated intranet 32 associated with the organization of the user, such as 
the bank for which a loan officer processes new loan applications. 
[0034] The processor 20 is responsive to user selections through the input device 

14 to display to the user, through the browser 18, the mapping 40 of the plurality of 
processes, with each of a set of the displayed processes having an associated actuatable 
display region 60. The processor 20 is also responsive to user actuation of the actuatable 
display region 60 of a selected process, and displays to the user through the browser 18 
the at least one risk message or information 64 associated with the selected process. 
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[0035] The memory 22 is accessible through a computer network, so that any 

user using a browser 18, communicating through the computer network, may access and 
view the mapping 40 and may actuate the actuatable display regions 60 to selectively 
view the at least one risk message or information 64. The memory 22 may be a separate 
file server upon which the mapping 40 and other process data are stored. Alternatively or 
in addition, the memory 22 may be a removable storage medium such as a compact disk 
(CD) which may be updated regularly to reflect changes in the policies, processes and 
procedures of an organization. Accordingly, the interactive management system 10 and 
method may operate without local databases, but instead may be used in the field or used 
independently of the intranet 32 or internal computer network of the organization. 
[0036] The computer 12 may communicate through the external devices 28, for 

example, to hyperlink to retrieve additional information as the user views processes in 
the mapping 40. In order to perform this information retrieval, actuatable display regions 
60 are associated with the link data 62 addressing linkable data stored in the memory 22. 
The processor 20 responds to the actuation of a selective actuatable display region 60 to 
communicate with the memory 22 via the predetermined link data 62 to retrieve the 
corresponding linkable data. 

[0037] The link data 42, 62 may be a hyperlink, such as a uniform resource 

locator (URL) or other types of addresses, or file or directory names, for accessing data 
stored in the memory 22 and/or in the external devices 28 in communication with the 
computer 12. 
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[0038] The processor 20 operates mapping software 38 to display the mapping 40 

and the plurality of processes as graphical representations on the display 16, for example, 
in a multi-dimensional format and/or with color representations indicating types of 
processes, available information, warnings, and the like. The mapping software 38 
displays subsets of the plurality of processes in a plurality of horizontal tracks or lanes, 
with the horizontal tracks oriented one above the other vertically. In one preferred 
embodiment, the mapping software 38 is the graphics software available from 
"MICROSOFT CORPORATION" under the trademark "MICROSOFT VISIO". 
[0039] The interactive risk management system 10 and method described herein 

provides a new comprehensive solution for effective Enterprise Reputation Risk 
management, which requires a comprehensive methodology and implementation 
platform. Organizations, for example, in the financial services industry, may use the 
interactive risk management system 10 and method for identifying and reducing 
reputation risk, with a comprehensive analysis methodology which enables management 
to effectively identify, mitigate and control reputation risk for all products and services 
and all departments of the organization on an ongoing basis. 

[0040] In performing the comprehensive Enterprise Reputation Risk analysis, 

solutions and controls, the interactive risk management system 10 and method may be 
used as a very cost-effective non-database solution with little or no information 
technology (IT) intervention or support required. In addition, the interactive risk 
management system 10 and method may be specifically designed to supplement and 
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complement existing Basel II and business processing management (BPM) 
methodologies known in the art. The mapping of processes may be created with rapid 
turnaround, for example, average projects may be completed in about 120 days or even 
less. 

[0041] As will be apparent to one of ordinary skill in the art, the timetable 

depends upon the availability of the organizations personnel for interviews with those 
preparing the mapping and the number of programmers applied to the project. 
[0042] One advantage of the interactive risk management system 10 and method 

of the invention is the ability to facilitate effective monitoring, control and rightsizing of 
processes and risks in an organization, and provide a modern host environment for 
policies and procedures. For example, constant and consistent updating and version 
control may be assured throughout the organization. 

[0043] For effective operation of the entire organization, the interactive risk 

management system 10 and method are excellent for controlling and monitoring branch 
offices and cross-border products, and are useful tools for planning and implementing 
control environments for new products, processes, systems and procedures. By 
implementing a readily-accessible mapping of processes, the interactive risk management 
system and method of the invention serves as an "organizational memory" and provides a 
permanent record regarding processes and controls. 

[0044] The interactive risk management system 10 and method enable an 

organization to identify, control, and monitor Enterprise Reputation Risk and a series of 
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carefully planned, interrelated elements are included. For example, effective reputation 
risk detection begins with two requirements: independence and experience. It may be 
very difficult to "cut through" the fabric of organizations in a totally objective manner. It 
requires skill and experience to know where to look, the areas to probe and the issues to 
analyze. It requires independence to ask difficult questions and to glean information 
from disparate, but interrelated parts of an organization. 

[0045] Moreover, specialized experience is required to know how to analyze 

seamlessly between front and back offices and through all product and support areas 
from a variety of risk areas, in order to analyze and produce a mapping of the processes 
of an organization. 

[0046] The interactive risk management system 10 and method analyze and allow 

for the monitoring of three key areas of risk: business (or "inherent") risk, regulatory 
risk, and operational risk. 

[0047] Both the definitions of these key risk areas and their sub-risk components 

vary among financial services industries and even within common industries. In one 
perspective, the organization sets common definitions and risk factors so as to ensure that 
the analysis and mapping are consistent with the organizational environment and culture 
of the organization. Moreover, this element facilitates a dialogue between the creators of 
the mapping and management regarding alternative risk definitions and factors which 
may be common in the industry, but not fully developed or identified within a given 
organization. 
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[0048] Referring to FIGS. 3-5, in order to create the map of processes, 

interrelationships between processes may be determined and incorporated into the 
mapping 40. For example, one type of interrelationship is a control 56 of one process by 
another process. To be effective, a control 56 must be rationally connected to a particular 
process, must be specifically designed to mitigate the risks which exist at that point in the 
process and must be capable of measurement. 

[0049] The interactive risk management system 10 and method, in a preferred 

embodiment, display the process mapping 40 using highly visible, colorful, three- 
dimensional maps, for example, in the "MICROSOFT VISIO" format, designed to 
simultaneously display horizontal or cross-organizational processes, and vertical or drill- 
down processes. Once the maps are completed, they present a unique, three-dimensional 
"as is" picture of the organization's processes from a risk standpoint. 
[0050] As shown in the illustrative screen shots in FIGS. 4-5, the interactively 

displayed mappings 40 may be displayed on a browser 18 in the form of labeled blocks 
corresponding to predetermined processes showing their interrelationships. In the 
example mapping 100 shown in FIG. 4, a bank's loan officer may view the mapping 100 
for performing corporate lending procedures. The mapping 100 includes a plurality of 
labeled blocks 102-152, each corresponding to a specific process or procedure for 
performing corporate lending, such as setting up new customers and monitoring anti- 
money laundering (AML) practices according to procedures and guidelines of the Office 
of Foreign Assets Control (OF AC) established by the U.S. Treasury. 
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[0051] Common types of processes performed are generally are laid out in 

sequence in at least one lane or track 154, with the processes in each lane being 
horizontally displayed with appropriate labels 158 on each lane. In addition, common 
cross-type activities are grouped in vertical columns 156, such as new customer set-up 
and AML monitoring, with appropriate labels 160, 162 for each vertical column. 
[0052] For example, in a management track, a "No AML Parameters" process 

102, an "Approval if Needed" process 104, and a "No AML Risk Assessment, No AML 
Parameters" process 106 are displayed. In a business unit track, a "Prospective Dealer 
Relationship" process 108, a "Due Diligence Analysis, and Credit Check" process 1 10, 
an "Approval to Engage in Business" process 1 12, an "Individual Applies for Loan, 
Completes Application, and Gives to Dealer" process 1 14, a "Receive Application 
Review, Due Diligence, and Credit Check" process 1 16, an "Approval of Auto Loan" 
process 1 18, a "Draw Up Paperwork" process 120, and a "No Monitoring" process 122 
are displayed. In a credit department track, a "No Account Form, Only Check List" 
process 124, a "No AML Risk Review" process 126, a "No AML Risk Review" process 
128, and a "No Monitoring" process 130 are displayed. 

[0053] In an operations track, a "Customer Set-up on DataPro" process 132, an 

"OFAC Check" process 134, a "Customer Set-up on DataPro" process 136, an "OF AC 
Check" process 138, a "Wire Transfer Money to Dealer" process 140, a "No Monitoring" 
process 142, and a "Risk of Accidental OFAC Release" process 144 are displayed. 
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[0054] In an accounting track, the "Customer Set-up on DataPro" process 136 is 

also displayed, along with a "No Third Parties" process 146, and a "No Monitoring" 
process 148. In a compliance track, a "No Third Party OFAC Check" process 150, and 
an "OFAC Scrubbing For Changes" process 152 are displayed. 
[0055] The various processes may be connected by arrows 164, 166 illustrating 

the step-by-step flow from one process to the next. The solid arrows 164 may indicate a 
definitive process to be performed after the current process, such as a customer set-up 
132 being performed after approval to engage in business 1 12. Other types of arrows, 
such as dashed arrows 166, may show optional branching or decisions based on 
completion of a current process. For example, after a wire transfer 140 is performed, the 
organization may flag the wire transfer for "no monitoring" 142. The risk of accidental 
OFAC release 144 of personal information may also be viewed by the loan officer. 
[0056] Predetermined processes such as processes 108-120 may be illustrated 

with blocks having solid lines, while such optional processes 102-106, 122-130, and 142- 
150 may be displayed with blocks having dotted lines. As an alternative to, or in addition 
to, rectangular blocks, color coding, solid arrows, solid lines, dotted arrows, and dotted 
lines may be shown in the mapping 100, and the interactive management system 10 and 
method may display the mapping using different colors, different shading of the arrows 
and/or blocks, and different shapes for the blocks, such as red borders for very important 
processes to be performed. Other types of graphics such as stop signs may be used. 
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[0057] Using the mappings of FIG. 4, a user such as a loan officer may access 

and view addition information. For example, one or more of the processes or procedures 
102-154 may have an associated actuatable region as described above in conjunction with 
FIG. 2, so that actuation of a selected process by clicking a mouse button or equivalent 
device, when the mouse cursor overlaps the selected process, causes the processor to 
access the corresponding link data to access and retrieve associated risk information text 
associated with the selected process. 

[0058] For example, referring to FIGS. 4-5, when the user selects the "OF AC 

Check" process 134 in FIG. 4, the associated link generates a pop-up information box 
168, as shown in FIG. 5, to display to the user the organization's policy for risk 
management involving an OFAC checking procedure. The information box 168 may 
include display controls 170 such as a slidable icon to scroll through a page of the 
information on the displayed topic. 

[0059] It is to be noted that, although the information box 168 overlaps the 

Accounting and Compliance tracks, the pop-up information box 168 is not a separate 
process in the track, but is only displayed on the mapping 100 temporarily and is 
associated with the actuated process 134. 

[0060] Through the mapping 100 shown in FIGS. 4-5, with additional accessible 

information such as the information box 168, the interactive risk management system and 
method permit a user to perform a Risk Diagnostic Analysis and Solution Mapping 
function to bring together multiple aspects of process management, for example, process 



18 



operation, risk identification, and a solution meeting the needs of the user. The 
interactive risk management system and method of the invention act as effective tools for 
risk and solution analysis. During creation of the process mapping, business, regulatory, 
and operational risks which exist at each process step are identified and connected, and 
practical and effective solutions as well as controls are established which mitigate the 
identified risks. The risk analysis and proposed control solutions are embedded in the 
three-dimensional mapping so that, in a very short time, management and staff are 
presented, by the interactive risk management system 10 and method and their map and 
data presentation format, both their verified process flows as well as an analysis of 
identified risks and solutions. These mappings are easy to understand and lead to 
important and practical explanations of ways to mitigate risk. 
[0061] In an alternative embodiment, shown in FIGS. 6-8, the interactive risk 

management system and method may make use of indicators and/or other indicia or 
images, such as displayed stop signs, to indicate to the user that the process displayed 
substantially adjacent to the stop sign has an associated risk. 

[0062] For example, FIG. 6 illustrates a display screen displaying the alternative 

embodiment of a mapping 200, in which a plurality of processes 202-228 are organized 
into a plurality of tracks 230, for example, to map and illustrate to the user the procedures 
employed by an organization in the recruitment of registered staff. As described in 
connection with FIGS. 4-5 and the mapping 100, the processes 202-228 of the mapping 
200 may include actuatable regions which, upon activation by the user, provide 
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additional information about the associated process selected by the user to access and 
review the information. 

[0063] Specific processes, such as the processes 202, 206, 208 and 210, may have 

associated risks for which additional information is available. Accordingly, the 
interactive risk management system and method flags such processes or otherwise alerts 
the user of possible risks using visual and/or audible signs and/or signals, such as the 
image of stop signs 232. Alternatively or additionally, other visual cues such as the use 
of different colors for the stop signs 232 that contrast with the color of the process blocks 
202-228 and/or flashing colors of the stop signs 232 or of the process blocks 202-228 
may also be used to visually notify the user of additional information, for example, of a 
risk associated with a given process. 

[0064] Such stop signs 232 may also be actuatable regions, so that actuation of a 

stop sign causes the mapping 200 to display one or more risk information blocks 234-246 
in a modified mapping 248, as illustrated in FIG. 7. The risk information blocks 234-246 
may be displayed in one or more of the tracks 230 only for illustrative purposes, so that 
the risk information blocks 234-246 are positioned substantially adjacent to their 
respective processes 202-228. 

[0065] The risk information blocks 234-246 may have visual indicators such as 

dashed lines instead of the solid lines of the process blocks 202-228, as shown in FIG. 7, 
or colored blocks which contrast the colors of the process blocks 202-228. The user is 



20 



thereby provided with visual cues to indicate that the risk information blocks 234-246 are 
separate and distinct from the process blocks 202-228. 

[0066] In addition, the risk information blocks 234-246 may also be actuatable 

regions through which the user may access additional information, that is, actuation of 
one of the risk information blocks 234-246 causes the interactive risk management 
system 10 and method to retrieve and access additional and/or explanatory risk 
information. 

[0067] As described herein and shown in FIGS. 4-7, the mappings 100, 200 may 

reflect an existing structure of an organization. The interactive risk management system 
10 and method may also be used to display to the user a proposed solution to the existing 
structure to minimize or eliminate risks associated with the various processes. 
[0068] For example, the mapping 248 of FIG. 7 displays the associated risks in 

risk information blocks 234-246 of the processes illustrated in the original mapping 200 
in FIG. 6. On the mapping 248, an actuatable region or icon 250 may be provided to 
access a solution mapping, as shown in FIG. 8. Note that the position of the solution icon 
250 is arbitrary, that is, the positioning of the solution icon near a process, such as the 
process 216, or in a track 230, does not indicate that the solution mapping is only 
associated with the nearby process 216 or track 230. 

[0069] FIG. 8 illustrates a display screen displaying another modification of the 

mapping of FIGS. 6-7. The mapping 252 in FIG. 8 illustrates a solution mapping which 
minimizes or eliminates the risks described in the risk information blocks 234-246 of 
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FIG. 7. The solution mapping 252 has a plurality of processes 254-280 organized in at 
least one track or lane 282, which provides a proposed or final solution to the user in the 
form of a revision to the organization in a manner that minimizes or eliminates the risks, 
for example, in the recruitment of registered staff. 

[0070] As shown in FIG. 8, and in comparison to FIGS. 6-7, the solution mapping 

252 may have processes 254-280 which are different from the original processes 202-228 
of the organization, and such processes 254-280 may be organized in tracks 282 or lanes 
different from the tracks 230 in FIGS. 6-7. Some or all of the processes 254-280 may be 
common to the processes 202-228, such as the "Interview" processes 218, 268 and the 
"Commence Duties" processes 228, 280, and similarly some or all of the tracks 282 may 
be common to the tracks 230, such as an "Employee" track or lane and an "HR" or 
"Human Resources" track or lane. 

[0071] However, despite any common processes or tracks, the solution mapping 

252 is distinct from the original mapping 200 in that the processes 202-228 are 
re-arranged, modified, and/or deleted, and new processes may be added to present a 
proposed solution that minimizes or eliminates the risks in the overall organization. 
[0072] Accordingly, an initial mapping may be prepared, and once management 

reviews and agrees on risk-mitigating solutions, the initial mapping may be revised to 
re-map the process flows to reflect the new control environment. The new maps reflect 
actual process flows and/or solutions with control points duly noted. Policies, 
procedures, forms, and information sources, as well as web-links, may be amended to 
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conform to the new controls and may be hyperlinked directly to process steps on the 
maps. Using the interactive risk management system 10 and method, staff members may 
access and know exactly what steps to follow at each process point to mitigate risk. 
[0073] In addition to viewable process steps, "control boxes" are viewable and 

accessible within the flow for process monitoring on an ongoing basis. For organizations 
which have implemented BPM, the interactive risk management system 10 and method is 
designed to work in conjunction with the metrics and controls which are being 
implemented. 

[0074] The maps are available to all staff via their web browser, for example, 

through the organization's intranet 32. Each member of the staff has the ability, with a 
click of the mouse button, to access all processes within a given product, service or area 
from the highest level to the day-to-day work within a department. Control points are 
easily visible and applicable procedures and forms are only a click away from a given 
process step. The "control boxes" ensure that the process flow, which already conforms 
to the "as is" process of the organization, is followed and make monitoring easy to 
accomplish. 

[0075] Once the basic structure of the organization, including its procedures and 

polices, is mapped by the interactive risk management system and method, third parties 
may verify and update the maps regularly or on an as-needed basis, and may make the 
maps available on a web-hosted basis. 
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